package cn.itcast.web.shiro;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.apache.shiro.crypto.hash.Md5Hash;

//自定义一个密码密码匹配器 （加盐加密密码匹配器）
public class CustomCredentialsMatcher extends SimpleCredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        //1. 强制转换token为userNamePasswordToken
        UsernamePasswordToken usernamePasswordToken= (UsernamePasswordToken) token;

        //2.得到用用户名(邮箱)与密码(用户输入数据)
        String email = usernamePasswordToken.getUsername();
        String password = new String(usernamePasswordToken.getPassword());

        //3. 使用Md5Hash类对用户输入的数据进行加盐加密
        Md5Hash md5Hash = new Md5Hash(password,email);
        String saltPassword = md5Hash.toString();

        //4. 把用户输入的加盐加密的数据与该用户的数据库密码进行对比
        //得到该用户在数据库中密码
        String dbPassword = (String) info.getCredentials();
        return dbPassword.equals(saltPassword);
    }
}
